DOCSLIB.ORG

A Password-Based Key Derivation Algorithm Using the KBRP Method

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

American Journal of Applied Sciences 5 (7): 777-782, 2008 ISSN 1546-9239 © 2008 Science Publications A Password-Based Key Derivation Algorithm Using the KBRP Method 1Shakir M. Hussain and 2Hussein Al-Bahadili 1Faculty of CSIT, Applied Science University, P.O. Box 22, Amman 11931, Jordan 2Faculty of Information Systems and Technology, Arab Academy for Banking and Financial Sciences, P.O. Box 13190, Amman 11942, Jordan Abstract: This study presents a new efficient password-based strong key derivation algorithm using the key based random permutation the KBRP method. The algorithm consists of five steps, the first three steps are similar to those formed the KBRP method. The last two steps are added to derive a key and to ensure that the derived key has all the characteristics of a strong key. In order to demonstrate the efficiency of the algorithm, a number of keys are derived using various passwords of different content and length. The features of the derived keys show a good agreement with all characteristics of strong keys. In addition, they are compared with features of keys generated using the WLAN strong key generator v2.2 by Warewolf Labs. Key words: Key derivation, key generation, strong key, random permutation, Key Based Random Permutation (KBRP), key authentication, password authentication, key exchange INTRODUCTION • The key size must be long enough so that it can not Key derivation is the process of generating one or be easily broken more keys for cryptography and authentication, where a • The key should have the highest possible entropy key is a sequence of characters that controls the process (close to unity) [1,2] of a cryptographic or authentication algorithm . • Run length should be less than eight bits Strong key derivation has become a primary concern in (a character word length) wireless network in order to provide secure • Bits are randomly distributed throughout the key communication in a hostile environment. For example, sequence Diffie-Hellman based key exchanges establish a secure • No particular pattern can be recognized throughout communication channel between two parties by the key sequence securely negotiating a large random element in a given cyclic group, called master secret. Then, this secret is Hash function and pseudorandom function are used to derive keys for encrypting and authenticating widely used for key derivation. These two functional [3] data . These keys must be bit-strings of some specific approaches are used in PBKDF1 and PBKDF2, length uniformly distributed and used as input respectively. PBKDF2 is recommended for new parameters to symmetric ciphers (for privacy), message applications while PBKDF1 is included only for authentication codes (for authentication) and pseudo- compatibility with existing applications and is not random functions (for expansion of a seed into a longer recommended for new applications (Kal 00). A wired bit-string)[4]. equivalent privacy or wireless encryption protocol There are a number of approaches that have been (WEP) is another functional approach that is developed developed for strong key derivation such as: functional to provide security for wireless networks. However, a based[5,6,2], biometric based[7,8,9] and voice based[10,11,12]. number of techniques and programs are now available The functional based key derivation approach is often that can crack a WEP key in less than a minute. Despite used to derive one or more keys from a common secret that a wireless strong key generator has been developed value (password); therefore, it may be referred to as a to enhance wireless security such as the WLAN strong password-based key derivation[2]. key generator v2.2 by Warewolf Labs[14]. For strong cryptography, keys need to be carefully In this study a new efficient password-based key selected and must acquire some special characteristics, derivation algorithm is proposed for a strong key such as[2,7,13]: derivation, regardless of the password elements and Corresponding Author: Shakir M. Hussain, Faculty of CSIT, Applied Science University, P.O. Box 22, Amman 11931, Jordan 777 Am. J. Applied Sci., 5 (7): 777-782, 2008 length. The algorithm utilizes the Key Based Random method referred to as Biometric Aggregation. In this Permutation (KBRP) method in[15]. In order to ensure approach, the encryption process begins with the that the binary sequence generated is hard to predict, acquisition of the required biometric samples. Features first, an important modification is introduced to the last and parameters are extracted from these samples and step in KBRP, namely the fill () step. Second, two used to derive a biometric key that can be used to further steps are added to the KBRP method to derive a encrypt a plaintext message and its header information. strong key. During the decryption process, acquisition of additional The modified KBRP method assures that the key biometric samples from which the same features and derived is of highest possible entropy (close to unity, parameters are extracted and used to produce a “noisy” since the number of 0’s and 1’s are only differing by 1). key as done in the encryption process. Next, a small set But the derived key may not provide an adequate run of permutations of the “noisy” key are computed. These length for 0’s and 1’s. Therefore, in order to satisfy a keys are used to decrypt the header information and suitable run length (RL) of 0’s and 1’s, we march determine the validity of the key. If the header is through the derived key and every time the run length is greater than RL, then the last bit in RL is replaced with determined to be valid, then the rest of the message is the subsequent bit that represents its complement. decrypted. The proposed approach eliminates the need This algorithm ensures even with weak password, a for biometric matching algorithms, reduces the cost strong key can be derived to satisfy the characteristics associated with lost keys and addresses non-repudiation mentioned above. So that user can still use their favorite issues. [11,12] password set without affecting the key strength. Monrose et al. developed a technique to The features of the keys generated using the reliably generate a cryptographic key from a user’s proposed algorithm are evaluated, analyzed and voice while speaking a password. The key resists compared with the results obtained from the WLAN cryptanalysis even against an attacker who captures all strong key generator v2.2 by Wareworlf Labs. The system information related to generating or verifying features evaluation process is done by comparing the the cryptographic key. Moreover, the technique is entropy of the derived key, maximum run length of 0's sufficiently robust to enable the user to reliably and 1's and the average run length. regenerate the key by uttering the password again. They described an empirical evaluation of their technique LITERATURE REVIEW using 250 utterances recorded from 50 users. Teoh[9] proposed a novel two-stage technique to A number of key derivation approaches have been generate personalized cryptographic keys from the face developed throughout the years, such as: functional biometric, which offers the inextricably link to its [2,5,6] [7,8,9] [10,11,12] based , biometric based and voice based . owner. At the first stage, integral transform of biometric [2] B. Kaliski proposed a functional based approach input is to discretise to produce a set of bit to derive a key from a password and other parameters representation with a set of tokenised pseudorandom such as a salt value and an iteration count. He number, coined as FaceHash. In the second stage, developed two functions for key derivation, namely, FaceHash is then securely reduced to a single PBKDF1 and PBKDF2. PBKDF2 is recommended for cryptographic key via Shamir secret-sharing. Tokenised new applications; PBKDF1 is included only for FaceHashing is rigorously protective of the face data, compatibility with existing applications and is not with security comparable to cryptographic hashing of recommended for new applications. token and knowledge key-factor. The key is constructed He defined four steps in his key derivation to resist cryptanalysis even against an adversary who functions. These are: (1) select a salt value and an captures the user device or the feature descriptor. iteration count, (2) select a length in octets for the Peyravian et al.[16] used either a ‘user Identifier’ derived key, (3) apply the key derivation function to the (userID) or information that may be used to identify the password, the salt, the iteration count and the key individual such as a user's biometric data. These data length to produce a derived key and (4) output the can be the user's fingerprints, hand geometry, iris derived key. In this approach, many numbers of keys pattern, or any other suitable biometric identification. may be derived from a password by varying the salt. Then such user ID-based or biometric-based key or Costanzo[7] proposed a biometric key derivation random number generated based on their algorithms approach for generating a cryptographic key from an may be used in asymmetric-key cryptographic systems individual’s biometric for use in proven symmetric (such as the RSA) or the symmetric-key cryptographic cipher algorithms. The proposed approach uses a systems (such as the DES). 778 Am. J. Applied Sci., 5 (7): 777-782, 2008 THE PROPOSED KEY DERIVATION P: array holds permutation with ALGORITHM Values 1 to N Here we present a description of the proposed key KEY: key (string of bits) of size N derivation algorithm. It utilizes the KBRP method[15]; For (i = 1 to N) therefore, we first provide a brief description of this KEY[i] = P[i] MOD 2 method followed by a detail implementation of the KEY[P[1]] = NOT KEY [P[1]] proposed algorithm.
Recommended publications
  • Public-Key Cryptography

    Public-Key Cryptography

    Public Key Cryptography EJ Jung Basic Public Key Cryptography public key public key ? private key Alice Bob Given: Everybody knows Bob’s public key - How is this achieved in practice? Only Bob knows the corresponding private key Goals: 1. Alice wants to send a secret message to Bob 2. Bob wants to authenticate himself Requirements for Public-Key Crypto ! Key generation: computationally easy to generate a pair (public key PK, private key SK) • Computationally infeasible to determine private key PK given only public key PK ! Encryption: given plaintext M and public key PK, easy to compute ciphertext C=EPK(M) ! Decryption: given ciphertext C=EPK(M) and private key SK, easy to compute plaintext M • Infeasible to compute M from C without SK • Decrypt(SK,Encrypt(PK,M))=M Requirements for Public-Key Cryptography 1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb) 2. Easy for sender to generate ciphertext: C = EKUb (M ) 3. Easy for the receiver to decrypt ciphertect using private key: M = DKRb (C) = DKRb[EKUb (M )] Henric Johnson 4 Requirements for Public-Key Cryptography 4. Computationally infeasible to determine private key (KRb) knowing public key (KUb) 5. Computationally infeasible to recover message M, knowing KUb and ciphertext C 6. Either of the two keys can be used for encryption, with the other used for decryption: M = DKRb[EKUb (M )] = DKUb[EKRb (M )] Henric Johnson 5 Public-Key Cryptographic Algorithms ! RSA and Diffie-Hellman ! RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in 1977. • RSA
  • Reconsidering the Security Bound of AES-GCM-SIV

    Reconsidering the Security Bound of AES-GCM-SIV

    Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Reconsidering the Security Bound of AES-GCM-SIV Tetsu Iwata1 and Yannick Seurin2 1Nagoya University, Japan 2ANSSI, France March 7, 2018 — FSE 2018 T. Iwata and Y. Seurin Reconsidering AES-GCM-SIV’s Security FSE 2018 1 / 26 Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Summary of the contribution • we reconsider the security of the AEAD scheme AES-GCM-SIV designed by Gueron, Langley, and Lindell • we identify flaws in the designers’ security analysis and propose a new security proof • our findings leads to significantly reduced security claims, especially for long messages • we propose a simple modification to the scheme (key derivation function) improving security without efficiency loss T. Iwata and Y. Seurin Reconsidering AES-GCM-SIV’s Security FSE 2018 2 / 26 Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Summary of the contribution • we reconsider the security of the AEAD scheme AES-GCM-SIV designed by Gueron, Langley, and Lindell • we identify flaws in the designers’ security analysis and propose a new security proof • our findings leads to significantly reduced security claims, especially for long messages • we propose a simple modification to the scheme (key derivation function) improving security without efficiency loss T. Iwata and Y. Seurin Reconsidering AES-GCM-SIV’s Security FSE 2018 2 / 26 Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Summary of the contribution • we reconsider the security of the AEAD scheme AES-GCM-SIV designed by Gueron, Langley, and Lindell • we identify flaws in the designers’ security analysis and propose a new security proof • our findings leads to significantly reduced security claims, especially for long messages • we propose a simple modification to the scheme (key derivation function) improving security without efficiency loss T.
  • Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms

    Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms

    Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms Levent Ertaul, Manpreet Kaur, Venkata Arun Kumar R Gudise CSU East Bay, Hayward, CA, USA. [email protected], [email protected], [email protected] Abstract- With the increase in mobile wireless or data lookup. Whereas, Cryptographic hash functions are technologies, security breaches are also increasing. It has used for building blocks for HMACs which provides become critical to safeguard our sensitive information message authentication. They ensure integrity of the data from the wrongdoers. So, having strong password is that is transmitted. Collision free hash function is the one pivotal. As almost every website needs you to login and which can never have same hashes of different output. If a create a password, it’s tempting to use same password and b are inputs such that H (a) =H (b), and a ≠ b. for numerous websites like banks, shopping and social User chosen passwords shall not be used directly as networking websites. This way we are making our cryptographic keys as they have low entropy and information easily accessible to hackers. Hence, we need randomness properties [2].Password is the secret value from a strong application for password security and which the cryptographic key can be generated. Figure 1 management. In this paper, we are going to compare the shows the statics of increasing cybercrime every year. Hence performance of 3 key derivation algorithms, namely, there is a need for strong key generation algorithms which PBKDF2 (Password Based Key Derivation Function), can generate the keys which are nearly impossible for the Bcrypt and Scrypt.
  • Security Policy: Informacast Java Crypto Library

    Security Policy: Informacast Java Crypto Library

    FIPS 140-2 Non-Proprietary Security Policy: InformaCast Java Crypto Library FIPS 140-2 Non-Proprietary Security Policy InformaCast Java Crypto Library Software Version 3.0 Document Version 1.2 June 26, 2017 Prepared For: Prepared By: Singlewire Software SafeLogic Inc. 1002 Deming Way 530 Lytton Ave, Suite 200 Madison, WI 53717 Palo Alto, CA 94301 www.singlewire.com www.safelogic.com Document Version 1.2 © Singlewire Software Page 1 of 35 FIPS 140-2 Non-Proprietary Security Policy: InformaCast Java Crypto Library Abstract This document provides a non-proprietary FIPS 140-2 Security Policy for InformaCast Java Crypto Library. Document Version 1.2 © Singlewire Software Page 2 of 35 FIPS 140-2 Non-Proprietary Security Policy: InformaCast Java Crypto Library Table of Contents 1 Introduction .................................................................................................................................................. 5 1.1 About FIPS 140 ............................................................................................................................................. 5 1.2 About this Document.................................................................................................................................... 5 1.3 External Resources ....................................................................................................................................... 5 1.4 Notices .........................................................................................................................................................
  • Key Derivation Functions and Their GPU Implementation

    Key Derivation Functions and Their GPU Implementation

    MASARYK UNIVERSITY FACULTY}w¡¢£¤¥¦§¨ OF I !"#$%&'()+,-./012345<yA|NFORMATICS Key derivation functions and their GPU implementation BACHELOR’S THESIS Ondrej Mosnáˇcek Brno, Spring 2015 This work is licensed under a Creative Commons Attribution- NonCommercial-ShareAlike 4.0 International License. https://creativecommons.org/licenses/by-nc-sa/4.0/ cbna ii Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Ondrej Mosnáˇcek Advisor: Ing. Milan Brož iii Acknowledgement I would like to thank my supervisor for his guidance and support, and also for his extensive contributions to the Cryptsetup open- source project. Next, I would like to thank my family for their support and pa- tience and also to my friends who were falling behind schedule just like me and thus helped me not to panic. Last but not least, access to computing and storage facilities owned by parties and projects contributing to the National Grid In- frastructure MetaCentrum, provided under the programme “Projects of Large Infrastructure for Research, Development, and Innovations” (LM2010005), is also greatly appreciated. v Abstract Key derivation functions are a key element of many cryptographic applications. Password-based key derivation functions are designed specifically to derive cryptographic keys from low-entropy sources (such as passwords or passphrases) and to counter brute-force and dictionary attacks. However, the most widely adopted standard for password-based key derivation, PBKDF2, as implemented in most applications, is highly susceptible to attacks using Graphics Process- ing Units (GPUs).
  • Authentication and Key Distribution in Computer Networks and Distributed Systems

    Authentication and Key Distribution in Computer Networks and Distributed Systems

    13 Authentication and key distribution in computer networks and distributed systems Rolf Oppliger University of Berne Institute for Computer Science and Applied Mathematics {JAM) Neubruckstrasse 10, CH-3012 Bern Phone +41 31 631 89 51, Fax +41 31 631 39 65, [email protected] Abstract Authentication and key distribution systems are used in computer networks and dis­ tributed systems to provide security services at the application layer. There are several authentication and key distribution systems currently available, and this paper focuses on Kerberos (OSF DCE), NetSP, SPX, TESS and SESAME. The systems are outlined and reviewed with special regard to the security services they offer, the cryptographic techniques they use, their conformance to international standards, and their availability and exportability. Keywords Authentication, key distribution, Kerberos, NetSP, SPX, TESS, SESAME 1 INTRODUCTION Authentication and key distribution systems are used in computer networks and dis­ tributed systems to provide security services at the application layer. There are several authentication and key distribution systems currently available, and this paper focuses on Kerberos (OSF DCE), NetSP, SPX, TESS and SESAME. The systems are outlined and reviewed with special regard to the security services they offer, the cryptographic techniques they use, their conformance to international standards, and their availability and exportability. It is assumed that the reader of this paper is familiar with the funda­ mentals of cryptography, and the use of cryptographic techniques in computer networks and distributed systems (Oppliger, 1992 and Schneier, 1994). The following notation is used in this paper: • Capital letters are used to refer to principals (users, clients and servers).
  • TRANSPORT LAYER SECURITY (TLS) Lokesh Phani Bodavula

    TRANSPORT LAYER SECURITY (TLS) Lokesh Phani Bodavula

    TRANSPORT LAYER SECURITY (TLS) Lokesh Phani Bodavula October 2015 Abstract 1 Introduction The security of Electronic commerce is completely in the hands of Cryptogra- phy. Most of the transactions through e-commerce sites, auction sites, on-line banking, stock trading and many more are exchanged over the network. SSL or TLS are the additional layers that are required in order to obtain authen- tication, privacy and integrity for all kinds of communication going through network. This paper focuses on the additional layer (TLS) which is responsi- ble for the whole communication. Transport Layer Security is a protocol that is responsible for offering privacy between the communicating applications and their users on Internet. TLS is inserted between the application layer and the network layer-where the session layer is in the OSI model TLS, however, requires a reliable transport channel-typically TCP. 2 History Instead of the end-to-end argument and the S-HTTP proposal the developers at Netscape Communications introduced an interesting secured connection concept of low-layer and high-layer security. For achieving this type of security there em- ployed a new intermediate layer between the transport layer and the application layer which is called as Secure Sockets Layer (SSL). SSL is the starting stage for the evolution of different transport layer security protocols. Technically SSL protocol is assigned to the transport layer because of its functionality is deeply inter-winded with the one of a transport layer protocol like TCP. Coming to history of Transport layer protocols as soon as the National Center for Super- computing Application (NCSA) released the first popular Web browser called Mosaic 1.0 in 1993, Netscape Communications started working on SSL protocol.
  • An Efficient Watermarking and Key Generation Technique Using DWT Algorithm in Three- Dimensional Image

    An Efficient Watermarking and Key Generation Technique Using DWT Algorithm in Three- Dimensional Image

    International Journal of Recent Technology and Engineering (IJRTE) ISSN: 2277-3878, Volume-8 Issue-2, July 2019 An Efficient Watermarking and Key Generation Technique Using DWT Algorithm in Three- Dimensional Image R. Saikumar, D. Napoleon Abstract:Discrete Wavelet Transform is the algorithm which obtained by compressive sensing. It is a novel technology can be used to increase the contrast of an image for better visual used to compress the data at a higher rate than the quality of an image. The histogram value for original image with highest bins is taken for embedding the data into an image to conventional method. The compression and encryption are perform the histogram equalization for repeating the process achieved by a single linear measurement step through a simultaneously. Information can be embedded into the source measurement matrix, which can be generated by the secret image with some bit value, for recovering the original image key. This key can be shared only among the sender and the without any loss of the pixels. DWT is the first algorithm which has achieved the image contrast enhancement accurately. This receiver at the time of sending and receiving data as a approach maintained the original visual quality of an image even multimedia file. though themessage bits are embedded into the contrast-enhanced images. The proposed work with an original watermarking II. LITERATURE REVIEW scheme based on the least significant bit technique. As a substitute of embedding the data into a simple image as Y. Sridhar et al: An author says about the unique structure watermarking, least significant bitmethod by utilizing the three about the scalable coding for PRNG images which have wavelets transform is applied in the proposed system in order to been encrypted.
  • The Summation-Truncation Hybrid: Reusing Discarded Bits for Free

    The Summation-Truncation Hybrid: Reusing Discarded Bits for Free

    The Summation-Truncation Hybrid: Reusing Discarded Bits for Free Aldo Gunsing and Bart Mennink Digital Security Group, Radboud University, Nijmegen, The Netherlands [email protected], [email protected] Abstract. A well-established PRP-to-PRF conversion design is trun- cation: one evaluates an n-bit pseudorandom permutation on a certain input, and truncates the result to a bits. The construction is known to achieve tight 2n−a=2 security. Truncation has gained popularity due to its appearance in the GCM-SIV key derivation function (ACM CCS 2015). This key derivation function makes four evaluations of AES, truncates the outputs to n=2 bits, and concatenates these to get a 2n-bit subkey. In this work, we demonstrate that truncation is wasteful. In more detail, we present the Summation-Truncation Hybrid (STH). At a high level, the construction consists of two parallel evaluations of truncation, where the truncated (n − a)-bit chunks are not discarded but rather summed together and appended to the output. We prove that STH achieves a similar security level as truncation, and thus that the n − a bits of extra output is rendered for free. In the application of GCM-SIV, the current key derivation can be used to output 3n bits of random material, or it can be reduced to three primitive evaluations. Both changes come with no security loss. Keywords: PRP-to-PRF, Truncation, Sum of permutations, Efficiency, GCM-SIV 1 Introduction The vast majority of symmetric cryptographic schemes is built upon a pseu- dorandom permutation, such as AES [21]. Such a function gets as input a key and bijectively transforms its input to an output such that the function is hard to distinguish from random if an attacker has no knowledge about the key.
  • Data Encryption Standard (DES)

    Data Encryption Standard (DES)

    6 Data Encryption Standard (DES) Objectives In this chapter, we discuss the Data Encryption Standard (DES), the modern symmetric-key block cipher. The following are our main objectives for this chapter: + To review a short history of DES + To defi ne the basic structure of DES + To describe the details of building elements of DES + To describe the round keys generation process + To analyze DES he emphasis is on how DES uses a Feistel cipher to achieve confusion and diffusion of bits from the Tplaintext to the ciphertext. 6.1 INTRODUCTION The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST). 6.1.1 History In 1973, NIST published a request for proposals for a national symmetric-key cryptosystem. A proposal from IBM, a modifi cation of a project called Lucifer, was accepted as DES. DES was published in the Federal Register in March 1975 as a draft of the Federal Information Processing Standard (FIPS). After the publication, the draft was criticized severely for two reasons. First, critics questioned the small key length (only 56 bits), which could make the cipher vulnerable to brute-force attack. Second, critics were concerned about some hidden design behind the internal structure of DES. They were suspicious that some part of the structure (the S-boxes) may have some hidden trapdoor that would allow the National Security Agency (NSA) to decrypt the messages without the need for the key. Later IBM designers mentioned that the internal structure was designed to prevent differential cryptanalysis.
  • Using the Cryptographic Service Engine (CSE)

    Using the Cryptographic Service Engine (CSE)

    Freescale Semiconductor Document Number: AN4234 Application Note Rev. 0, 06/2011 Using the Cryptographic Service Engine (CSE) An introduction to the CSE module by: Geoff Emerson, Jurgen Frank, Stefan Luellmann Applications Engineering, Microcontroller Solutions Group Contents 1 Introduction 1 Introduction.......................................................................1 2 CSE...................................................................................5 This application note describes the features offered by the Cryptographic Services Engine (CSE) module which, for the 3 Example use cases-mini lifecycle...................................18 first time has been implemented on the MPC564xB/C device. 4 Conclusion......................................................................19 The module implements the security functions described in the 5 Glossary..........................................................................19 1 Secure Hardware Extension (SHE) functional specification . 6 References.......................................................................20 By reading this application note, the user will get an overview of the reasons for implementing the CSE module and how it A .........................................................................................20 can be used in typical automotive application use cases to help B .........................................................................................22 protect application code and inter module communication. C .........................................................................................25
  • Basic Security

    Basic Security

    Basic IT Security You are the number one reason your agency is safe “It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” ― Stephane Nappo Global Chief Information Security Officer Société Générale International Banking “In the underworld, reality itself has elastic properties and is capable of being stretched into different definitions of the truth.” ― Roderick Vincent, The Cause Focus: Password Security The strongest door is meaningless if someone has the key to it. The focus of this session is specifically on Password Security, as the fundamental first step in protecting your agency. Do Not Share Your Password According to the Center for Internet Security Passwords are a major defense against hackers, and developing good password practices will help keep your sensitive personal information and identity more secure. Tips for Developing Better Passwords: • Passwords should have at least 10 characters, include uppercase and lowercase letters, numbers, and symbols. • Avoid common words; some hackers use programs that try every word in the dictionary. • Never use personal information (your name, children's names, dates of birth, etc.) that someone might already know or easily obtain. • If you believe your system has been compromised, change your passwords immediately. • Use different passwords (or at least a variety of passwords) for each online account you access. • If you must write down your passwords, keep them in a secure location away from your computer. Under no circumstances should you store them in a document on your computer! Estimating Password- Cracking Times Common words Why do we want to avoid common words? Some hackers use programs that try every word in the dictionary.